On Thu 14/Mar/2024 20:23:01 +0100 John Levine wrote:
It appears that Scott Kitterman <skl...@kitterman.com> said:
SPF it treated in multiple places. We cannot warn against a bad practice in
one place (135) and recommend it unconditionally in another (132).
That is exactly how one handles Security Considerations. So 132 says do SPF.
Security Considerations gives you stuff to think about how you do SPF. There's
not need to embed mitigations for the considerations throughout the draft
(someone with more IETF experience than me, please correct me if I'm wrong
about this).
If you're going to provide implementation advice for SPF, which I still think is
a bad idea, security considerations is indeed the least bad place to do it.
I agree.
The point here is not to give a questionable MUST. Telling people they MUST
grant a pass to /every/ source is questionable, isn't it?
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
